From owner-freebsd-pf@FreeBSD.ORG  Tue Mar  8 00:52:15 2005
Return-Path: <owner-freebsd-pf@FreeBSD.ORG>
Delivered-To: freebsd-pf@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id EF91416A4CE
	for <freebsd-pf@freebsd.org>; Tue,  8 Mar 2005 00:52:14 +0000 (GMT)
Received: from moutng.kundenserver.de (moutng.kundenserver.de
	[212.227.126.183])
	by mx1.FreeBSD.org (Postfix) with ESMTP id 3C80943D5A
	for <freebsd-pf@freebsd.org>; Tue,  8 Mar 2005 00:52:14 +0000 (GMT)
	(envelope-from max@love2party.net)
Received: from [212.227.126.209] (helo=mrelayng.kundenserver.de)
	by moutng.kundenserver.de with esmtp (Exim 3.35 #1)
	id 1D8SxJ-0007Pa-00; Tue, 08 Mar 2005 01:52:13 +0100
Received: from [84.128.142.56] (helo=donor.laier.local)
	by mrelayng.kundenserver.de with asmtp (TLSv1:RC4-MD5:128)
	(Exim 3.35 #1)
	id 1D8SxI-0001Ud-00; Tue, 08 Mar 2005 01:52:13 +0100
From: Max Laier <max@love2party.net>
To: freebsd-pf@freebsd.org
Date: Tue, 8 Mar 2005 01:52:05 +0100
User-Agent: KMail/1.7.2
References: <BAY24-F208A7E1EA7876ABE868203CC500@phx.gbl>
In-Reply-To: <BAY24-F208A7E1EA7876ABE868203CC500@phx.gbl>
MIME-Version: 1.0
Content-Type: multipart/signed;
  boundary="nextPart4222114.KWxldEHC5O";
  protocol="application/pgp-signature";
  micalg=pgp-sha1
Content-Transfer-Encoding: 7bit
Message-Id: <200503080152.11837.max@love2party.net>
X-Provags-ID: kundenserver.de abuse@kundenserver.de
	auth:61c499deaeeba3ba5be80f48ecc83056
Subject: Re: nat / rdr timeouts?
X-BeenThere: freebsd-pf@freebsd.org
X-Mailman-Version: 2.1.1
Precedence: list
List-Id: Technical discussion and general questions about packet filter (pf)
	<freebsd-pf.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-pf>,
	<mailto:freebsd-pf-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-pf>
List-Post: <mailto:freebsd-pf@freebsd.org>
List-Help: <mailto:freebsd-pf-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-pf>,
	<mailto:freebsd-pf-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Tue, 08 Mar 2005 00:52:15 -0000

--nextPart4222114.KWxldEHC5O
Content-Type: text/plain;
  charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable
Content-Disposition: inline

On Tuesday 08 March 2005 01:28, Stephane Raimbault wrote:
> Okay, I setup an OpenBSD 3.6 box with pf today as a test and I can not
> replicate the problem with OpenBSD.
>
> In fact, running the ab test returned MUCH beter results in terms of times
> to return the page and according to top the cpu barely budged when running
> the test on the openbsd pf box.  However running top on the freebsd pf box
> I clearly see a spike in cpu traffic as the cpu idle drops to 0% for a
> second.
>
>
> I'm currently running RELENG_5 on the freebsd box from this weekend... are
> there some debugging stuff turned on in the kernel that would explain the
> performance diffrence?
>
> I tried to replicate the test as closely as possible however there are so=
me
> subtle diffrences in my test.
>
> OpenBSD test
>
> PowerBook laptop (running ab) to an IP on the local network (openbsd ext
> interface (vlan0)) thru to the same openbsd box int interface (vlan1) to
> the web servers (10.0.11.16 and 10.0.11.17).
>
> FreeBSD Test
>
> IBM server running freebsd (ab) to an IP on it's local network (freebsd e=
xt
> interface (em0) thru to the same freebsd box int interface (em1) to the w=
eb
> severs (10.0.11.16 and 10.0.11.17).
>
> network wise it should be pretty much the same.  The only thing that came
> to mind, maybe it's because the powerbook is a better box then the IBM
> server running freebsd ?  but then seeing the CPU idle time and comparing
> the Freebsd +pf and the OpenBSD +pf being so diffrent... I ponder my
> question.
>
>
> Hope this makes sense.  Let me know if there is any other data I can
> provide ?

I don't fully understand how your setup looks like.  Where are you running =
ab=20
from?  Is there a dedicated box you run it on or are you running it on/from=
=20
the redirecting box itself?  Could you get the following setup realized:

             /----- OpenBSD ----\        WWW_1
             |                  |      / WWW_2
ab Client ---+                  +-----+-  ...
             |                  |      \ WWW_N
             \----- FreeBSD ----/

It does not matter (too much) how the gateways are connected to the client =
and=20
the servers, what matters is that the client and the servers are the same f=
or=20
both tests.  I suspect that (if you were running ab from the FreeBSD server=
)=20
you discovered a bug in FreeBSD's socket/tcp code much rather than in pf. =
=20
Please let me know if I misunderstood something and explain your test setup=
=20
with a bit more detail.

Thanks a lot in advance.

<snipp - it is linewarpping as hell, anyway>

=2D-=20
/"\  Best regards,                      | mlaier@freebsd.org
\ /  Max Laier                          | ICQ #67774661
 X   http://pf4freebsd.love2party.net/  | mlaier@EFnet
/ \  ASCII Ribbon Campaign              | Against HTML Mail and News

--nextPart4222114.KWxldEHC5O
Content-Type: application/pgp-signature

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.0 (FreeBSD)

iD8DBQBCLPc7XyyEoT62BG0RAsrSAJ41D1dxIiOsQwMEo2pbK99IcG5hswCfWmeZ
NTiCF0pUiiz7fzdbTcl9yVI=
=eY3L
-----END PGP SIGNATURE-----

--nextPart4222114.KWxldEHC5O--